fix: add https status to activity log (#6978)

* fix: add https status to activity log * create prerelease * create RC * pass info from gateway to grpc server * fix: update releaserc to create RC version * cleanup --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 03:57:32 +00:00 · 2023-11-28 16:56:29 +01:00
parent 24b05dc88c
commit ef11609142
11 changed files with 75 additions and 46 deletions
--- a/internal/api/grpc/client/middleware/activity.go
+++ b/internal/api/grpc/client/middleware/activity.go
@@ -0,0 +1,20 @@
+package middleware
+
+import (
+	"context"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/metadata"
+
+	"github.com/zitadel/zitadel/internal/activity"
+	"github.com/zitadel/zitadel/internal/api/info"
+)
+
+func UnaryActivityClientInterceptor() grpc.UnaryClientInterceptor {
+	return func(ctx context.Context, method string, req, reply any, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+		activityInfo := info.ActivityInfoFromContext(ctx)
+		ctx = metadata.AppendToOutgoingContext(ctx, activity.PathKey, activityInfo.Path)
+		ctx = metadata.AppendToOutgoingContext(ctx, activity.RequestMethodKey, activityInfo.RequestMethod)
+		return invoker(ctx, method, req, reply, cc, opts...)
+	}
+}
--- a/internal/api/grpc/server/gateway.go
+++ b/internal/api/grpc/server/gateway.go
@@ -96,7 +96,10 @@ func CreateGatewayWithPrefix(
 	runtimeMux := runtime.NewServeMux(serveMuxOptions...)
 	opts := []grpc.DialOption{
 		grpc.WithTransportCredentials(grpcCredentials(tlsConfig)),
-		grpc.WithUnaryInterceptor(client_middleware.DefaultTracingClient()),
+		grpc.WithChainUnaryInterceptor(
+			client_middleware.DefaultTracingClient(),
+			client_middleware.UnaryActivityClientInterceptor(),
+		),
 	}
 	connection, err := dial(ctx, port, opts)
 	if err != nil {
@@ -120,7 +123,10 @@ func CreateGateway(
 		port,
 		[]grpc.DialOption{
 			grpc.WithTransportCredentials(grpcCredentials(tlsConfig)),
-			grpc.WithUnaryInterceptor(client_middleware.DefaultTracingClient()),
+			grpc.WithChainUnaryInterceptor(
+				client_middleware.DefaultTracingClient(),
+				client_middleware.UnaryActivityClientInterceptor(),
+			),
 		})
 	if err != nil {
 		return nil, err
@@ -176,6 +182,7 @@ func addInterceptors(
 	handler = http_mw.CORSInterceptor(handler)
 	handler = http_mw.RobotsTagHandler(handler)
 	handler = http_mw.DefaultTelemetryHandler(handler)
+	handler = http_mw.ActivityHandler(handler)
 	// For some non-obvious reason, the exhaustedCookieInterceptor sends the SetCookie header
 	// only if it follows the http_mw.DefaultTelemetryHandler
 	handler = exhaustedCookieInterceptor(handler, accessInterceptor, queries)
--- a/internal/api/grpc/server/middleware/activity_interceptor.go
+++ b/internal/api/grpc/server/middleware/activity_interceptor.go
@@ -6,6 +6,7 @@ import (
 	"strings"

 	"google.golang.org/grpc"
+	"google.golang.org/grpc/metadata"

 	"github.com/zitadel/zitadel/internal/activity"
 	"github.com/zitadel/zitadel/internal/api/grpc/errors"
@@ -14,17 +15,13 @@ import (

 func ActivityInterceptor() grpc.UnaryServerInterceptor {
 	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+		ctx = activityInfoFromGateway(ctx).SetMethod(info.FullMethod).IntoContext(ctx)
 		resp, err := handler(ctx, req)
 		if isResourceAPI(info.FullMethod) {
 			code, _, _, _ := errors.ExtractCaosError(err)
 			ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx)
 			activity.TriggerGRPCWithContext(ctx, activity.ResourceAPI)
 		}
-		if strings.HasPrefix(info.FullMethod, "/zitadel.session.v1.SessionService/") {
-			code, _, _, _ := errors.ExtractCaosError(err)
-			ctx = ainfo.ActivityInfoFromContext(ctx).SetGRPCStatus(code).IntoContext(ctx)
-			activity.TriggerGRPCWithContext(ctx, activity.SessionAPI)
-		}
 		return resp, err
 	}
 }
@@ -42,3 +39,20 @@ func isResourceAPI(method string) bool {
 		return strings.HasPrefix(method, prefix)
 	})
 }
+
+func activityInfoFromGateway(ctx context.Context) *ainfo.ActivityInfo {
+	info := ainfo.ActivityInfoFromContext(ctx)
+	md, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return info
+	}
+	path := md.Get(activity.PathKey)
+	if len(path) != 1 {
+		return info
+	}
+	requestMethod := md.Get(activity.RequestMethodKey)
+	if len(requestMethod) != 1 {
+		return info
+	}
+	return info.SetPath(path[0]).SetRequestMethod(requestMethod[0])
+}
--- a/internal/api/grpc/session/v2/session.go
+++ b/internal/api/grpc/session/v2/session.go
@@ -11,7 +11,6 @@ import (

 	"github.com/muhlemmer/gu"

-	"github.com/zitadel/zitadel/internal/activity"
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/command"
@@ -352,9 +351,6 @@ func (s *Server) checksToCommand(ctx context.Context, checks *session.Checks) ([
 		if err != nil {
 			return nil, err
 		}
-
-		// trigger activity log for session for user
-		activity.TriggerHTTP(ctx, user.ResourceOwner, user.ID, activity.SessionAPI)
 		sessionChecks = append(sessionChecks, command.CheckUser(user.ID, user.ResourceOwner))
 	}
 	if password := checks.GetPassword(); password != nil {
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -198,7 +198,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
 		userOrgID = authReq.UserOrgID
 	case *AuthRequestV2:
 		// trigger activity log for authentication for user
-		activity.TriggerHTTP(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken)
+		activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken)
 		return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID())
 	}

@@ -213,7 +213,7 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
 	}

 	// trigger activity log for authentication for user
-	activity.TriggerHTTP(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken)
+	activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCAccessToken)
 	return resp.TokenID, resp.Expiration, nil
 }

@@ -225,11 +225,11 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
 	switch tokenReq := req.(type) {
 	case *AuthRequestV2:
 		// trigger activity log for authentication for user
-		activity.TriggerHTTP(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
+		activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
 		return o.command.AddOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.GetID())
 	case *RefreshTokenRequestV2:
 		// trigger activity log for authentication for user
-		activity.TriggerHTTP(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
+		activity.Trigger(ctx, "", tokenReq.GetSubject(), activity.OIDCRefreshToken)
 		return o.command.ExchangeOIDCSessionRefreshAndAccessToken(setContextUserSystem(ctx), tokenReq.OIDCSessionWriteModel.AggregateID, refreshToken, tokenReq.RequestedScopes)
 	}

@@ -258,7 +258,7 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
 	}

 	// trigger activity log for authentication for user
-	activity.TriggerHTTP(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken)
+	activity.Trigger(ctx, userOrgID, req.GetSubject(), activity.OIDCRefreshToken)
 	return resp.TokenID, token, resp.Expiration, nil
 }

@@ -288,7 +288,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
 			return nil, err
 		}
 		// trigger activity log for authentication for user
-		activity.TriggerHTTP(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken)
+		activity.Trigger(ctx, "", oidcSession.UserID, activity.OIDCRefreshToken)
 		return &RefreshTokenRequestV2{OIDCSessionWriteModel: oidcSession}, nil
 	}

@@ -298,7 +298,7 @@ func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken
 	}

 	// trigger activity log for use of refresh token for user
-	activity.TriggerHTTP(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken)
+	activity.Trigger(ctx, tokenView.ResourceOwner, tokenView.UserID, activity.OIDCRefreshToken)
 	return RefreshTokenRequestFromBusiness(tokenView), nil
 }

--- a/internal/api/oidc/op.go
+++ b/internal/api/oidc/op.go
@@ -145,6 +145,7 @@ func NewServer(
 		userAgentCookie,
 		http_utils.CopyHeadersToContext,
 		accessHandler.HandleIgnorePathPrefixes(ignoredQuotaLimitEndpoint(config.CustomEndpoints)),
+		middleware.ActivityHandler,
 	))

 	return server, nil
--- a/internal/api/saml/provider.go
+++ b/internal/api/saml/provider.go
@@ -65,6 +65,7 @@ func NewProvider(
 			userAgentCookie,
 			accessHandler.HandleIgnorePathPrefixes(ignoredQuotaLimitEndpoint(conf.ProviderConfig)),
 			http_utils.CopyHeadersToContext,
+			middleware.ActivityHandler,
 		),
 		provider.WithCustomTimeFormat("2006-01-02T15:04:05.999Z"),
 	}
--- a/internal/api/saml/storage.go
+++ b/internal/api/saml/storage.go
@@ -151,7 +151,7 @@ func (p *Storage) SetUserinfoWithUserID(ctx context.Context, applicationID strin
 	setUserinfo(user, userinfo, attributes, customAttributes)

 	// trigger activity log for authentication for user
-	activity.TriggerHTTP(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse)
+	activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SAMLResponse)
 	return nil
 }